CVE-2026-45279
Nextcloud: Limited path traversal via template API if using `{lang}` in config
| CVSS Score | 4.4 |
| EPSS Score | 0.0% |
| EPSS Percentile | 9th |
Nextcloud is an open source content collaboration platform. In Nextcloud Server versions 31.0.0 to before 31.0.14 and 32.0.0 to before 32.0.4, if `{lang}` is used in the template directory config value, non-admin users can in some cases copy arbitrary files (depending on Unix permissions) into their own Nextcloud directory via a path traversal. It is recommended that Nextcloud Server is upgraded to 32.0.4 or 31.0.14, and that Nextcloud Enterprise Server is upgraded to 32.0.4, 31.0.14, 30.0.17.7, 29.0.17.12 or 28.0.14.15.
| CWE | CWE-22 |
| Vendor | nextcloud |
| Product | security-advisories |
| Published | Jun 1, 2026 |
| Last Updated | Jun 2, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | High |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | None |
| Availability | None |
Affected Versions
nextcloud / security-advisories
>= 31.0.0, < 31.0.14
>= 32.0.0, < 32.0.4